mqtt_connect error 45 when using secure transport

I am experiencing the same issue and the same errno returned. I have not seen TLS working correctly on this system since I ran the Asset Tracker demo back in December. It seems that many things in the SDK have been broken since then.

First, as stated above everything is fine for non-secured transport.

I am attempting to connect to AWS. The flow is:

• Load certificates (CA, private, public) via the nrf_inbuilt functionality. All operations succeed
• Connect to LTE succeeds
• Set TLS parameters (peer_verify = 2) and using the certificates I loaded
• Traced the code all the way to where nrf_connect is called. I stepped through the assembly once it is called and can tell it is failing in the secure_client_socket call. After that is called it calls bsd_os_errno_set to set the errno to 45

I am happy to share source code and the test certificates I am using...

IDE:              Segger Embedded Studio v4.14 (I have heard v4.16 is having issues so I have not upgraded yet)

nrf version:    v0.3.0 tag

modem:         0.6.8-131.alpha

device:           tried it on both the nrf9160 DK and a custom board we built

I am experiencing the same issue and the same errno returned. I have not seen TLS working correctly on this system since I ran the Asset Tracker demo back in December. It seems that many things in the SDK have been broken since then.

First, as stated above everything is fine for non-secured transport.

I am attempting to connect to AWS. The flow is:

• Load certificates (CA, private, public) via the nrf_inbuilt functionality. All operations succeed
• Connect to LTE succeeds
• Set TLS parameters (peer_verify = 2) and using the certificates I loaded
• Traced the code all the way to where nrf_connect is called. I stepped through the assembly once it is called and can tell it is failing in the secure_client_socket call. After that is called it calls bsd_os_errno_set to set the errno to 45

I am happy to share source code and the test certificates I am using...

IDE:              Segger Embedded Studio v4.14 (I have heard v4.16 is having issues so I have not upgraded yet)

nrf version:    v0.3.0 tag

modem:         0.6.8-131.alpha

device:           tried it on both the nrf9160 DK and a custom board we built

I just tried building using the latest from master in the mcuboot, nrf, nrfxlib, and zephyr projects. There are too many errors to try to remedy when attempting this. If I need to be using newer code from the repos than 0.3.0 can you please call out the commit number for the repos.

Thanks

Just double checking, are you aware of the changes in how to check everything out and build with "west" that happened after v0.3.0?  If not, you probably want to go back and read the Zephyr "Getting Started" page to figure out how to use it.

https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/nrf/getting_started.html

I was able to do a west update using the manifest in fw-nrfconnect-nrf as of commit ecc4ded86716fcf4b94e80efca450b3ddb4b7a26 and the asset_tracker application builds fine with a board type of nrf9160_pca10090ns.

Thanks. I was under the impression that SES 4.16 supported the latest based on the documentation I read online but I guess it does not yet.

I will go the west route.

Thanks for the pointer. Have you ever successfully got a TLS connection to AWS?

I think SES 4.16 can do everything once you have done a "west update" to get all the proper code revisions, but it just assumes you're already on the right repositories.

I have done TLS connections to my MQTT broker running inside AWS, but I am terminating the TLS on the broker directly and not on an Amazon load balancer.  I also have peer_verify set to 0 and no keys/certs loaded on the nrf9160, so I currently have no guarantees against MITM, etc.